Antivirusan.com

Antivirusan.com Description

What You Will Find at the Antivirusan.com Domain

The address Antivirusan.com is associated with a website for the rogue anti-virus program Antivirus Protection. The domain Antivirusan.com is highly professional-looking; however, don't be fooled. There is nothing behind the flashy exterior of this hostile website. ESG security researchers strongly recommend against downloading Antivirus Protection or visiting the domain Antivirusan.com. If you have visited this website, ESG malware researchers recommend running a full scan of your computer system with a genuine anti-malware tool. Antivirusan.com may use JavaScript or Flash exploits to infect your computer with malware. If you have downloaded Antivirus Protection, ESG malware researchers recommend getting rid of it with a real anti-malware program. Remember, everything advertised on Antivirusan.com is highly suspect. If you have entered your credit card information into this website, call your credit card company to block the charges. The domain Antivirusan.com has been associated with cases of identity theft and fraudulent credit card charges.
 

The Domain Antivirusan.com Distributes Rogue Security Programs

Superficially, the website Antivirusan.com looks highly professional. ESG malware researchers advise you to ignore Antivirusan.com's polished look, since the domain Antivirusan.com distributes what are known as rogue anti-virus programs. Rogue security programs are designed to mimic legitimate security programs on the surface. In reality, they are nothing more than a collection of harmful Trojans and dangerous scripts, designed to wreak havoc on a computer system. Typical effects of a rogue anti-virus infection include constant fake security alerts, altered system settings, system instability, and the hijacking of your Internet browser. Programs like Antivirus Protection will blame all of these effects on a number of imaginary Trojans on your computer, and then will attempt to charge you to fix these very same problems.
 

Rogue Security Programs, Trojans, and the Domain Antivirusan.com

The most common way in which rogue anti-virus programs are distributed is through Trojans. Trojans are malicious programs that exploit vulnerabilities in your computer's security in order to infiltrate your system. While Antivirus Protection can be, and often is, delivered by a Trojan, it is often downloaded by unwary computer users who mistake it for a legitimate anti-virus program. ESG security researchers have identified a large-scale Internet marketing campaign for Antivirus Protection. This kind of distribution is known as social engineering. The criminals behind the domain Antivirusan.com and Antivirus Protection prey on a computer user's lack of knowledge and caution to advertise their malware as a legitimate anti-virus product.

Technical Information

File System Details

Antivirusan.com creates the following file(s):
#   File Name                                             Detection Count
1   %Temp%\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].exe    N/A
2   %Temp%\[RANDOM CHARACTERS]\                           N/A

Registry Details

Antivirusan.com creates the following registry entry or registry entries:
Registry key
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyEnable" = '1'
HKEY_CURRENT_USER\Software\[RANDOM CHARACTERS]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = 'no'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = "
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[RANDOM CHARACTERS]"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter "Enabled" = '0'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = '127.0.0.1:33554'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = '.exe'
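
To check a machine for the fixed-value entries listed above, the following added example (not ESG's own tooling) parses the text of a registry export and reports which of those values are present. The function names and the sample export are constructed for illustration, and the entries containing [RANDOM CHARACTERS] and the incomplete ProxyOverride value are not matched.

```python
import re

# Indicators copied from the registry list above: (key under HKCU, value name, data).
IE = r"Software\Microsoft\Internet Explorer"
CV = r"Software\Microsoft\Windows\CurrentVersion"
INDICATORS = [
    (IE + r"\Download", "RunInvalidSignatures", "1"),
    (IE + r"\Download", "CheckExeSignatures", "no"),
    (IE + r"\PhishingFilter", "Enabled", "0"),
    (CV + r"\Internet Settings", "ProxyEnable", "1"),
    (CV + r"\Internet Settings", "ProxyServer", "127.0.0.1:33554"),
    (CV + r"\Policies\Associations", "LowRiskFileTypes", ".exe"),
]

def parse_reg_export(text):
    # Returns {lowercased key path: {lowercased value name: data as string}}.
    # Expects already-decoded text (regedit writes .reg files as UTF-16).
    hive, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r'^"([^"]+)"=(.*)$', line)
        if line.startswith("["):
            current = hive.setdefault(line.strip("[]").lower(), {})
        elif m and current is not None:
            raw = m.group(2)
            if raw.lower().startswith("dword:"):
                raw = str(int(raw[6:], 16))   # dword:00000001 -> "1"
            current[m.group(1).lower()] = raw.strip('"').replace("\\\\", "\\")
    return hive

def find_matches(text):
    # Returns (value name, data) for each indicator whose data matches the export.
    hive, hits = parse_reg_export(text), []
    for path, name, expected in INDICATORS:
        key = ("HKEY_CURRENT_USER\\" + path).lower()
        data = hive.get(key, {}).get(name.lower())
        if data is not None and data.lower() == expected.lower():
            hits.append((name, data))
    return hits

# Constructed sample export, not captured from a real machine.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download]
"CheckExeSignatures"="no"
"RunInvalidSignatures"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000000
"ProxyServer"="127.0.0.1:33554"
'''
```

A single hit such as ProxyEnable set to 1 is common on networks that use a proxy, so weigh the matches together rather than treating any one value as proof of infection.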